About Backup security settings and backup restore on different Plesk installation

[mixos]

Hello,

I am using Plesk 12.5.30 on CentOS 7.2 and while configuring Backup setting for my server i noticed the backup security section that has two options to choose. One is the "Plesk's encryption key" and the other is the "Specified password". Above the options there is this text:

"For security reasons, we recommend that you protect data contained in backups. By default, all backups are encrypted with the Plesk's internal encryption key, which is unique for each Plesk installation. Note that the backups encrypted with such a key can be restored only in the Plesk installation where they were created, and cannot be restored in another Plesk installation. Therefore, we recommend using a password for protecting backup files."

So, suppose my server Hard Disk fails (which happened to me 2 times in past) and i have my backups in a separate FTP server, i will have to install a fresh Plesk installation on the new hard disk and restore the domains/data from the FTP backup. In this case the backup will be encrypted using the old Plesk installation and i will have to restore it on the new Plesk installation. According to the paragraph above, I can only restore backups created on the same Plesk installation, so how can i restore my domains/data on the new installation?

Should i choose "Specified password" option or disable the backup security in some way?

I would really appreciate your opinion on this.

Mike

 

[KonstantinosS]

I use a specific password in my backups, as you never know when a disk failure might happen. In addition, I always run a raid1 or raid10 configuration in servers, so that I can avoid a bad disk issue. You can opt in a triple backup solution, where you keep one backup on the same server, one in a remote location (ie. FTP) and one in Amazon, box, Dropbox, or even download them at your office NAS.

 

[mixos]

Have you tried to restore a backup made from another Plesk installation using specific password ?

 

[KonstantinosS]

Have you tried to restore a backup made from another Plesk installation using specific password ?

Yes, twice, both of which were successful. However, I was using the same hardware, OS and Plesk version at that time, so I am not really sure if that was the case or not. Now, I use Virtuozzo's backup tool for Plesk containers I deploy, in addition to backing things up through Plesk and saving the gz files in multiple locations, just to feel safe that I'll have at least one solution available.

 

[Dmitry Y.]

Specific password is not about backup to FTP.
Unfortunately official KB has poor description of this feature http://docs.plesk.com/en-US/12.5/ad...and-restoration/global-backup-settings.59265/
The goal of the custom password for backups is to encrypt dumps in server (local) repository.

Some admins setup local backup storage to mounted drive. Then after crashing of the drive with Plesk or some other problems they decide to reinstall Plesk on new drive, mount backup storage and restore from it. Here they faced with the problem where new Plesk installation has another encryption key, which does not match the key used in backup. In such case Plesk is able to restore all the data, but some passwords (for FTP/mail/client/reseller etc. accounts) will be regenerated as there are no way to decrypt original passwords.

To resolve such situation in Plesk 12.5 was introduced the feature, which allows to setup custom password for backup encryption in local storage. With this feature in the situation described above admin must setup the same password after fresh Plesk installation and will be able to restore all the data.

When you download backup or setup backup to FTP you do the similar thing - setup a custom password. And this password is not related to "specific password"

 

[mixos]

Thanks for your answer. So, in my case where i backup on an FTP server, i should add a password under FTP Storage Settings -> Backup security settings and then i will be able to restore on a new Plesk installation using the same password. Am i right?

 

[Dmitry Y.]

Yes, you are right.

 

[SigmundS]

Hello there, I set up a password as the post mentioned by Dmitry Y. In the settings I can only set a single folder, eg "/". But I have set up different folders for each customer where their Backups are stored in eg /user_one/backups. The backups are stored in the correct folders. Everyone uses their own passwords to protect their backups.
First and second Question: Is the password the customers set used or not? Or is the "master" FTP password the one that counts?

If I download a backup from the FTP Storage (with Plesk) I can open it and look at files and dbs and open them and read everything.
Third Question: Aren't these files supposed to be pw protected???

I can't see the point in setting a pw for protection and then I can do with the data what I want once downloaded without the pw. Quite confusing. I think I'm missing some important point.
Fourth Question: Could someone help me Out?

Sigmund